The Effect of DNS Delays on Worm Propagation in an IPv6 Internet

Finally, a paper that looks at the common idea that IPv6 networks will be safe from worm attacks. I think this paper says it better than I have been able to for the past couple of years.

It is a commonly held belief that IPv6 provides greater security against random-scanning worms by virtue of a very sparse address space. We show that an intelligent worm can exploit the directory and naming services necessary for the functioning of any network, and we model the behavior of such a worm in this paper. We explore via analysis and simulation the spread of such worms in an IPv6 Internet. Our results indicate that such a worm can exhibit propagation speeds comparable to an IPv4 random-scanning worm. We develop a detailed analytical model that reveals the relationship between network parameters and the spreading rate of the worm in an IPv6 world. We also develop a simulator based on our analytical model. Simulation results based on parameters chosen from real measurements and the current Internet indicate that an intelligent worm can spread surprisingly fast in an IPv6 world by using simple strategies. The performance of the worm depends heavily on these strategies, which in turn depend on how secure the directory and naming services of a network are. As a result, additional work is needed in developing detection and defense mechanisms against future worms, and our work identifies directory and naming services as the natural place to do it.

Source: The Effect of DNS Delays on Worm Propagation in an IPv6 Internet, Abhinav Kamra, Hanhua Feng, Vishal Misra and Angelos D. Keromytis.

June 10, 2005 in IPv6, papers

Comments

What's a worm?

Posted by: JP Smith | Jun 10, 2005 2:15:43 PM
